On Debian with iptables 1.4.14 that code works - that means every chain counts dataOn Arch with iptables 1.4.19.1 - doesnt work. Only chain "all-traffic" is countedOn Centos with iptables 1.4.7 the same problem as in Arch

Re: [SOLVED] iptables chain's bytes counting problem

Problem is solved. The problem was in the --dport --sport - I swapped them and it works.

So there is a question why it works on Debian? Answer: Debian is a machine that I login remotely so I connect to its ssh and others. It's little diffrence between connecting to server and counting traffic on it than counting on client machine

Re: [SOLVED] iptables chain's bytes counting problem

The reason it works even with/without the three rules: Every packet goes to "traffic-output" after a few rules. However, "traffic-output" is an empty chain. So, the packet traverses the next rules until it may be counted (with a -j traffic-output again) and finally, tired by empty jump targets, passes via the default policy (e.g. -P OUTPUT accept).

Re: [SOLVED] iptables chain's bytes counting problem

OK. Thanks.

So would it be equivalent if you removed those 3 lines and removed the 3rd line in each of the counting sets which jumps to traffic-output as well as the lines setting up the all-traffic and traffic-output chains?

Re: [SOLVED] iptables chain's bytes counting problem

Maybe you can explain to us again what you want to achieve. If you only want to see the packets and bytes for the types of traffic, there is no need for any extra chain - is there? Why do you use them?

Re: [SOLVED] iptables chain's bytes counting problem

Interesting. Well both work generally but they have built that tool on the rules you setup. The marking according to the texts "www-traffic" etc would not be necessary (the tool could just parse the log lines with the correct --sport and --dport parms for that). But the question that matters (for a server) behind it is which way the processing of the rules is most efficient for the machine. Yet thats maybe negligible for such simple rules. Have fun setting it up.